WIB Mini-Seminar, The Hague (21 st of March 2013) An update from the Control Systems Working Group

Transcription

1 WIB Mini-Seminar, The Hague (21 st of March 2013) An update from the Control Systems Working Group Kees Biesheuvel, DOW Product Manager MOD5 Engineering Solutions Jos Menting, Laborelec Belgium, CTO

2 The merger of two WIB Working Groups BPCS Working Group Plant Security Working Group 2013 Control Systems Working Group WIB

3 Who is active in the Control Systems Working Group? 1. Eric Abresch - Exxonmobil 2. Ted Angevaare Shell & Chairman 3. Kees Biesheuvel - DOW 4. Lex Boekel - Wintershall 5. Pascal vd Boogaard Shell 6. Guido de Bouver - M+W-group 7. Fabien Briere - Total (Fr) 8. Maarten de Caluwe DOW 9. Lion Demarteau - Sitech 10. Jimmy Denis - Laborelec 11. Ruud Denneman - Total 12. Mahdi Elkawafi - Wintershall 13. Sierk Goedemoed Heineken 14. Dominic de Kerf - Cargill 15. Michiel Kleisen - Dupont 16. Tom Koeken - EdeA 17. Peter Kwaspen Shell 18. Patrick Lienart - Total (Fr) 19. Mart Louisse - Aramco 20. Joris Meijs - AkzoNobel 21. Jos Menting Laborelec & Board 22. Onno Moret - Wintershall 23. Jos Oelers - Sabic 24. Kevin Orr - Solar Turbines 25. Frank Pijnenburg - DSM 26. Joost Roldaan - Heineken 27. Chris Sandford Wurldtech (Guest Mem) 28. Andre Schepens - Dow 29. Frans Staes - Cargill 30. Maximilien Simons - Solvay 31. Gerard Valkema - AkzoNobel 32. Edwin Vandeneynde - Solvay 33. Anneke Vemer - Exxonmobil 34. Lou Verhagen - AkzoNobel 35. Martin Visser - Waternet 36. Dick de Wagenaar - Q8 37. Jos Wenmeckers EdeA (Alphabetic-order)

4 New Plan of Action: First a strategy document shall be produced to provide steer to the Control Systems Working Group: Strategy is the direction and scope of an organization over the long-term: which achieves advantage for the organization through its configuration of resources within a challenging environment, to meet the needs of markets and to fulfill stakeholder expectations : The following subject will be addressed in the strategy document: 1- Sharing knowledge 2- IT security 3- Obsolescence /Life Cycle 4- Common voice to vendors Plant Security 5- Migration The Control Systems Working Group will be active on technical subjects and not on financial/commercial subjects. Dedicated Task Forces will be create to deal with specific subjects in more detail and to work on the subject to create a deliverable, such as a document or a presentation.

5 WIB MISSION Facilitate exchange of experience and expertise amongst end-users and with vendors of C&A Provide requirements, selection and application guidance through independent evaluation Tom Kuperij Managing Director March 25,

6 The old WIB Plant Security Workgroup Mission Statement from 2007: 1. Mitigate the threats to industrial automation, measurement & control equipment and systems created by Cyber Security risks; 2. Main focus area will be to generate minimum standards or create references to minimum International Standards and Guidelines to allow the WIB members to speak with one voice to the industrial automation Vendors to allow them to improve their products and services; 3. Create metrics to measure the level of protection to cyber security threats; 4. Provide guidance to the WIB members in the certification of Process Control Security products and services; Ref.:

7 New Plan of Action: The following Task Forces have been created: Task Force: PCD Security Metrics Who: Ruud Denneman Typical Best Practice Architectures Lex Boekel / Maarten de Caluwe / Guido de Bouver Security Management Accreditation + Certification FAT-SAT PCD Security Standards + Guidelines Pro-Active Security Definitions to/from suppliers Tom Koeken / Frans Staes Frank Pijnenburg Pascal vd Boogaard (in combination with LOGIIC) Ted Angevaare Frans Staes Kees Biesheuvel Life Cycle Management Jos Oelers / Onno Moret / Frank Pijnenburg / Lou Verhagen = More details provided in this presentation

8 Typical Best Practice Architectures: Create best practice architecture per vendor (secure high availability high integrity for L1 and L2 (L3)) Define what is required to create a typical architecture. Decided is to ask vendors to present/supply their vision on secure architecture based on their products Vendor: Siemens Rockwell ABB Emerson Honeywell Invensys Hima General Electric Yokogawa Bentley Nevada PILZ Beckhoff RTP Who: Michiel Kleisen - Dupont Frans Staes - Cargill Martin Visser - Waternet Ted Angevaare - Shell Michiel Kleisen - Dupont Lou Verhagen - AkzoNobel Kees Biesheuvel - DOW Jos Menting - Laborelec Ted Angevaare - Shell Peter Kwaspen - Shell Frans Staes - Cargill Onno Moret - Wintershall Kees Biesheuvel - DOW

9 Evolution towards international standards: downloads DACA security standards and experiences Less than 50% content from ISO IDEAL standard is selection of relevant IT requirements from various standards WIB Report M 2784 X10, version 1 WIB Report M 2784 X10, version 2 IEC proposal International standard Cyber Security Procurement Language for Control Systems by DHS IEC

10 Current IEC framework: 10

11 IEC process and present status now 11

12 Business case of certification: 12

13